The concept of outsourcing identities can be a little scary for IT organizations. Historically, the identity provider has been on-prem, and securely managing identities has long been one of the most important aspects of running an IT organization. Yet, with major advances in the identity and access management (IAM) world, the concept of outsourced identities is becoming a reality.
The good news is that leveraging an outsourced identity provider like Directory-as-a-Service® can be a huge advantage for cloud forward organizations, but before explaining how, it’s important to first discuss why IT organizations are outsourcing identities to begin with.
Traditional On-prem Identity Management
The modern approach to identity management really kicked off with the advent of the LDAP protocol in 1993 by our advisor, Tim Howes, and his colleagues at The University of Michigan. It was a time when just about everything was Microsoft Windows® based and on-prem.
Two major identity providers emerged from the LDAP protocol a few years later. The first, of course, was OpenLDAP™ – the free and open source iteration of the LDAP protocol. The other was from Microsoft, which combined LDAP and Kerberos to create Active Directory®.
Both of these solutions were hosted on-prem and tightly controlled. IT organizations held their identities and their identity management platforms close to their vest. Security and compliance regulations hammered home the need to have tight control over all user access and that even leaving ex-employees or contractors in the directory was bad security hygiene.
So, it’s not surprising when IT admins question whether identities can be outsourced or hosted in the cloud. Add to that the number of security events that have occurred through breached credentials, and most IT organizations are quickly unwilling to take the risk of a cloud hosted identity management solution.
Yet, many IT organizations are completely shifting their IT infrastructures to the cloud. In fact, many now have no IT resources on-prem except for their wireless access points. In this case, it is critical to find the best way to manage user access with a cloud hosted solution.
Outsourced Identity Management with Directory-as-a-Service
The good news is that an outsourced identity management solution called Directory-as-a-Service® is taking security to a new level. With one-way hashing and salting of passwords, full encryption in flight and at rest of data, and multi-factor authentication options, the concept of a cloud identity can be highly secure.
Further, the best cloud identity management providers are executing stringent vulnerability management testing, penetration testing, patching, and auditing to ensure that their processes are supporting their approach to security.
Directory-as-a-Service leverages protocols like LDAP, SAML, RADIUS, and a REST API (to name a few) to manage identities and connect them securely to IT resources. As a result, IT admins can rest easy knowing their outsourced identities are secure with JumpCloud.
Check out the following whiteboard presentation to learn more about the protocols and architecture behind JumpCloud’s Directory-as-a-Service.
Learn More About Outsourced Identities
With so many cloud infrastructure solutions and web applications, IT admins are forced to deal with cloud hosted identities in a number of places. By creating a cloud identity provider and leveraging a modern cloud directory service, IT admins can outsource their identity management while stepping up their security at the same time.
Contact the JumpCloud team to learn more about how to step up security with an outsourced identity provider. You can also sign up for a Directory-as-a-Service account and secure your identities from the cloud today. Your first ten users are free forever to help you explore the full functionality of our platform risk free.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud